Share this story

The resignation of Gen. David Petraeus began, we all now know, with Gmail. Petraeus' biographer and reported mistress Paula Broadwell apparently regarded Tampa socialite and Petraeus friend Jill Kelley as a romantic rival, and she e-mailed Kelley from an anonymous Gmail account, warning her to stay away from the general. Kelley turned those e-mails over to the FBI, which began investigating who was behind the messages and eventually identified Broadwell as the owner of the account.

The FBI gained access to Broadwell's anonymous e-mail account. Inside, they found evidence that Broadwell and Petraeus had exchanged racy messages by storing them in Gmail's "drafts" folder.

The Broadwell saga illustrates just how vulnerable our e-mail is to warrantless government snooping, noted by privacy researcher Chris Soghoian in a post at the ACLU blog. We don't yet know exactly what legal procedures the FBI invoked to get information about Broadwell's online activities. But alarmingly, most of the information the FBI reportedly obtained in the course of its investigation would not have required any judicial oversight.

Warrantless access to non-content information

To conceal her identity, Broadwell avoided accessing the account from her home Internet account. Instead, she accessed it from publicly available WiFi connections.

Yet these steps proved insufficient to hide her identity. A source told NBC that it "took agents a while to figure out the source. They did that by finding out where the messages were sent from—which cities, which Wi-Fi locations in hotels. That gave them names, which they then checked against guest lists from other cities and hotels, looking for common names."

Similarly, the New York Timessays that agents "had to use forensic techniques—including a check of what other e-mail accounts had been accessed from the same computer address—to identify who was writing the e-mails."

Soghoian points out that under current law, all of this information—what IP addresses were used to identify a particular Gmail account, which other accounts were accessed with the same IP address, who stayed in a particular hotel on a particular date—can be obtained with a simple subpoena. That means there's no judicial oversight unless the recipient of the subpoena objects.

"There is no independent review, no check against abuse, and further, the target of the subpoena will often never learn that the government obtained data (unless charges are filed, or, as in this particular case, government officials eagerly leak details of the investigation to the press)," Soghoian notes.

Draft-y security

Not only did Broadwell try to hide her identity by creating an anonymous e-mail account, she also reportedly sought to avoid having her e-mails to Petraeus intercepted by not sending them at all. Instead, she and Petraeus shared the password to the e-mail account, and would leave messages for each other in its "drafts" folder.

This is not a new technique. Terrorists such as Khaled Sheikh Mohammed have used this method to evade surveillance. Yet ironically, using the technique may actually make your communications more susceptible to government snooping.

"The Department of Justice has argued that e-mails in the 'draft' or 'sent mail' folder are not in 'electronic storage' (as defined by the Stored Communications Act), and thus not deserving of warrant protection," Soghoian notes. "Instead, the government has argued it should be able to get such messages with a mere subpoena."

The weak privacy protection for metadata and draft e-mails are two examples of a broader problem: the rules governing law enforcement access to e-mail are extremely murky, and do not adequately safeguard online users' privacy rights. Law enforcement access to e-mail is governed by the 1986 Electronic Communications Privacy Act, which has long since started to show its age. The ECPA requires a warrant to obtain freshly sent e-mail before it's been opened by the recipient. But once an e-mail has been opened, or once it has been sitting in the recipient's e-mail box for 180 days, a lower standard applies. These rules simply don't line up with the way modern e-mail systems work.

Meanwhile, current legal precedents cast doubt on whether the Fourth Amendment's guarantee against unreasonable searches applies to cloud-based e-mail services at all. A legal principle called the Third Party Doctrine suggests that users give up their Fourth Amendment rights when they entrust their information to third parties such as Google. Justice Sonia Sotomayor has expressed skepticism about the Third Party Doctrine, suggesting that the Supreme Court might overrule it at some point in the future. But in the meantime, the government appears to have significant powers to rifle through information we entrust to cloud service providers like Google.

…the government appears to have significant powers to rifle through information we entrust to cloud service providers like Google.

…like anyone.

Skeptics often point to Google as an example of the risks of putting something like e-mail in the proverbial cloud, but these same law-enforcement tactics are effective when dealing with any kind of e-mail service provider. Even if you host the e-mail yourself, on your own premises, they will subpoena it if they want it, just as they do with Gmail.

Whatever the concerns may be about privacy and the law, there does not appear to be any way to avoid this kind of investigation gaining access to e-mail.

It's not a matter of the cloud, or e-mail, or technology, it's a matter of law and policy.

I've kinda been ignoring the whole "Petreaus had a mistress!!11!!!" sillyness figuring it was all just gossip. Short of the fact that someone could have stumbled on the general having an odd pattern of making drafts in a gmail account someone else was doing the same for communication between the two & kicking off a standard investigation, is anyone actually suspected/accused of any wrong doing?

This is what happens when law enforcement takes a special interest in your case. Pray it doesn't happen to you.

All this looking up hotel lists and such were done before the CIA director's name was involved. They were just investigating some threatening emails from John Doe to a random citizen (who happened to have a friend at the FBI).

Using the "draft" technique is clear evidence of "tradecraft." Off to GITMO with the both of them! ;-)

Note is federal spy trials, use of tradecraft is considered evidence.

Right. These guys drew even more attention to themselves, and eroded some of the protections afforded by the law by using tactics commonly used by military personnel.

I wish Ars would stop portraying this as an erosion of civilian rights. By all respects, this is not a civilian case. Miltary folk are subject to military law, not civil law. Make a big deal out of it when it happens to civilians, but not until then.

For example, I'm sure the esteemed Nate Anderson and a few others here know about Article 99? Cowardice in the face of the enemy is punishable by death. No trial, no court order, the commanding officer can summarily execute you for running away from, say, the front lines. Usually a bullet to the head. No complaints about "Right to life" or "right to a fair trial".

The FBI was begun at the request of a civilian and initially they had no idea who was sending the emails. Even after they figured out Broadwell was sending them, she wasn't a member of the intelligence community. The Petraeus connection was discovered only near the end of the investigation, after they'd gained access to Broadwell's email account. So I don't see how Petraeus's CIA connection is relevant to the investigation techniques the FBI used.

I find it funny that a US 4-Star General was using the tactics of terrorists to evade military law. I guess he was learning from the best!

I wonder, though, were they investigating him in connection with a criminal complaint? Otherwise, I would say they had no right to pursue and attain this information.

_

He's retired from the Army, so military law does not apply. He was never a subject of investigation, the email account he was using with Broadwell was being investigated first as the source of harassing emails, and then when it was realized that Petraeus was using it as well, as a potential security leak. The FBI turned this information, including Petraeus infidelity, over to one of Petraeus' deputies at the CIA, who advised Petraeus to resign. He hasn't committed any crimes or been the subject of any criminal investigation, AFAIK.

Using the "draft" technique is clear evidence of "tradecraft." Off to GITMO with the both of them! ;-)

Note is federal spy trials, use of tradecraft is considered evidence.

Right. These guys drew even more attention to themselves, and eroded some of the protections afforded by the law by using tactics commonly used by military personnel.

I wish Ars would stop portraying this as an erosion of civilian rights. By all respects, this is not a civilian case. Miltary folk are subject to military law, not civil law. Make a big deal out of it when it happens to civilians, but not until then.

For example, I'm sure the esteemed Nate Anderson and a few others here know about Article 99? Cowardice in the face of the enemy is punishable by death. No trial, no court order, the commanding officer can summarily execute you for running away from, say, the front lines. Usually a bullet to the head. No complaints about "Right to life" or "right to a fair trial".

Using the "draft" technique is clear evidence of "tradecraft." Off to GITMO with the both of them! ;-)

Note is federal spy trials, use of tradecraft is considered evidence.

Right. These guys drew even more attention to themselves, and eroded some of the protections afforded by the law by using tactics commonly used by military personnel.

I wish Ars would stop portraying this as an erosion of civilian rights. By all respects, this is not a civilian case. Miltary folk are subject to military law, not civil law. Make a big deal out of it when it happens to civilians, but not until then.

For example, I'm sure the esteemed Nate Anderson and a few others here know about Article 99? Cowardice in the face of the enemy is punishable by death. No trial, no court order, the commanding officer can summarily execute you for running away from, say, the front lines. Usually a bullet to the head. No complaints about "Right to life" or "right to a fair trial".

As has been pointed out to you this started as a civilian complaint, it was only after all the dodgy investigative tools were used that they realized there were ex-military people involved. (Note the "ex-")

Also for your further edification Article 99 sub (9) "....shall be punished by death or such other punishment as a court-martial may direct.” Strange, no mention of summary execution?

The thing about knee-jerk reactions is that they tend to bypass the higher order thinking or reasoning centres.

To even begin such an investigation the FBI would have needed something to justify one. "Harassing" emails that pale to some of the stuff I see here in the comment section or to what some authors here get in their email hardly are justification for launching an investigation by the FBI.

I highly doubt a comptent judge would have allowed it.

So not only didn't they have an account of a law being broken, their investigation also extended into determining the identity of the anonymous lover. They couldn't have known before hand the lover was Petreaus and being in a relationship isn't a crime. On what grounds did they uncover his identity and trace it back to him?

It goes on and on.

Just a personal note, I was kinda hoping to get a more tech point of view into communications and internet anonymity from Ars. Perhaps some in depth articles about how this affects regular people, what are things you maximize anonymity, etc. That's the tech angle that's interesting. This is somewhat a rehash of the news so far.

Using the "draft" technique is clear evidence of "tradecraft." Off to GITMO with the both of them! ;-)

Note is federal spy trials, use of tradecraft is considered evidence.

Right. These guys drew even more attention to themselves, and eroded some of the protections afforded by the law by using tactics commonly used by military personnel.

I wish Ars would stop portraying this as an erosion of civilian rights. By all respects, this is not a civilian case. Miltary folk are subject to military law, not civil law. Make a big deal out of it when it happens to civilians, but not until then.

For example, I'm sure the esteemed Nate Anderson and a few others here know about Article 99? Cowardice in the face of the enemy is punishable by death. No trial, no court order, the commanding officer can summarily execute you for running away from, say, the front lines. Usually a bullet to the head. No complaints about "Right to life" or "right to a fair trial".

The FBI was begun at the request of a civilian and initially they had no idea who was sending the emails. Even after they figured out Broadwell was sending them, she wasn't a member of the intelligence community. The Petraeus connection was discovered only near the end of the investigation, after they'd gained access to Broadwell's email account. So I don't see how Petraeus's CIA connection is relevant to the investigation techniques the FBI used.

The first statement is correct. Everything beyond the second statement, however, is untrue. Not only is Broadwell a lieutenant colonel (!) in the reserves, she was also, as per Wikipedia:

"... Deputy Director of the Jebsen Center for Counter-Terrorism Studies at The Fletcher School of Law and Diplomacy at Tufts University.[4] She also worked with the FBI Joint Terrorism Task Force.[4]"

If that does not qualify as part of the "intelligence community", I'm not sure what does.

To even begin such an investigation the FBI would have needed something to justify one. "Harassing" emails that pale to some of the stuff I see here in the comment section or to what some authors here get in their email hardly are justification for launching an investigation by the FBI.

I highly doubt a comptent judge would have allowed it.

So not only didn't they have an account of a law being broken, their investigation also extended into determining the identity of the anonymous lover. They couldn't have known before hand the lover was Petreaus and being in a relationship isn't a crime. On what grounds did they uncover his identity and trace it back to him?

It goes on and on.

Based on what I've seen the investigation was started because Kelley was personally acquainted with some FBI agents. It does seem they went to some fairly extraordinary lengths to investigate a few bitchy emails. Perhaps the next investigation will be of misuse of FBI resources engendered by personal relationships.

To even begin such an investigation the FBI would have needed something to justify one. "Harassing" emails that pale to some of the stuff I see here in the comment section or to what some authors here get in their email hardly are justification for launching an investigation by the FBI.

I highly doubt a comptent judge would have allowed it.

So not only didn't they have an account of a law being broken, their investigation also extended into determining the identity of the anonymous lover. They couldn't have known before hand the lover was Petreaus and being in a relationship isn't a crime. On what grounds did they uncover his identity and trace it back to him?

It goes on and on.

From what I've read it wasn't just a few harassing emails, but thousands. And it's not a crime for Petraeus to be in an extra-marital relationship, but his act of being so and sharing an email account with her was a potential security risk, so that evidence was gathered and turned over to the CIA for further action.

I wish Ars would stop portraying this as an erosion of civilian rights. By all respects, this is not a civilian case. Miltary folk are subject to military law, not civil law. Make a big deal out of it when it happens to civilians, but not until then.

It did. Namely, Jill Kelley, the woman she was warning to stay away from Petraus.

You're missing the forest for the trees. The FBI, not a military unit, conducted the investigation based on civillian emails and wound up with enough information to bring Petraus' affair to light.

I wish Ars would stop portraying this as an erosion of civilian rights. By all respects, this is not a civilian case. Miltary folk are subject to military law, not civil law. Make a big deal out of it when it happens to civilians, but not until then.

It did. Namely, Jill Kelley, the woman she was warning to stay away from Petraus.

You're missing the forest for the trees. The FBI, not a military unit, conducted the investigation based on civillian emails and wound up with enough information to bring Petraus' affair to light.

Petraus is a civilian, he retired from the military. I don't know why you would think military law applies here.

Using the "draft" technique is clear evidence of "tradecraft." Off to GITMO with the both of them! ;-)

Note is federal spy trials, use of tradecraft is considered evidence.

Right. These guys drew even more attention to themselves, and eroded some of the protections afforded by the law by using tactics commonly used by military personnel.

I wish Ars would stop portraying this as an erosion of civilian rights. By all respects, this is not a civilian case. Miltary folk are subject to military law, not civil law. Make a big deal out of it when it happens to civilians, but not until then.

For example, I'm sure the esteemed Nate Anderson and a few others here know about Article 99? Cowardice in the face of the enemy is punishable by death. No trial, no court order, the commanding officer can summarily execute you for running away from, say, the front lines. Usually a bullet to the head. No complaints about "Right to life" or "right to a fair trial".

What are you smoking? Petraeus isn't in the military.

Petraeus is a retired 4-star general. Retired military personnel retain their rank and are eligible for recall until the day they die. All regular retired military personnel are subject to UCMJ.

I wish Ars would stop portraying this as an erosion of civilian rights. By all respects, this is not a civilian case. Miltary folk are subject to military law, not civil law. Make a big deal out of it when it happens to civilians, but not until then.

It did. Namely, Jill Kelley, the woman she was warning to stay away from Petraus.

You're missing the forest for the trees. The FBI, not a military unit, conducted the investigation based on civillian emails and wound up with enough information to bring Petraus' affair to light.

Petraus is a civilian, he retired from the military. I don't know why you would think military law applies here.

I wish Ars would stop portraying this as an erosion of civilian rights. By all respects, this is not a civilian case. Miltary folk are subject to military law, not civil law. Make a big deal out of it when it happens to civilians, but not until then.

It did. Namely, Jill Kelley, the woman she was warning to stay away from Petraus.

You're missing the forest for the trees. The FBI, not a military unit, conducted the investigation based on civillian emails and wound up with enough information to bring Petraus' affair to light.

Jill Kelley is the only non-military person (currently) publicly caught in this affair, and she is being investigated because she filed the complaint. That's standard FBI operating procedure. If you complain to the FBI that your kid was kidnapped, their first suspect is you.

I wish Ars would stop portraying this as an erosion of civilian rights. By all respects, this is not a civilian case. Miltary folk are subject to military law, not civil law. Make a big deal out of it when it happens to civilians, but not until then.

It did. Namely, Jill Kelley, the woman she was warning to stay away from Petraus.

You're missing the forest for the trees. The FBI, not a military unit, conducted the investigation based on civillian emails and wound up with enough information to bring Petraus' affair to light.

Petraus is a civilian, he retired from the military. I don't know why you would think military law applies here.

I just checked, retirees are still bound by the military code of conduct.

Using the "draft" technique is clear evidence of "tradecraft." Off to GITMO with the both of them! ;-)

Note is federal spy trials, use of tradecraft is considered evidence.

Right. These guys drew even more attention to themselves, and eroded some of the protections afforded by the law by using tactics commonly used by military personnel.

I wish Ars would stop portraying this as an erosion of civilian rights. By all respects, this is not a civilian case. Miltary folk are subject to military law, not civil law. Make a big deal out of it when it happens to civilians, but not until then.

For example, I'm sure the esteemed Nate Anderson and a few others here know about Article 99? Cowardice in the face of the enemy is punishable by death. No trial, no court order, the commanding officer can summarily execute you for running away from, say, the front lines. Usually a bullet to the head. No complaints about "Right to life" or "right to a fair trial".

The FBI was begun at the request of a civilian and initially they had no idea who was sending the emails. Even after they figured out Broadwell was sending them, she wasn't a member of the intelligence community. The Petraeus connection was discovered only near the end of the investigation, after they'd gained access to Broadwell's email account. So I don't see how Petraeus's CIA connection is relevant to the investigation techniques the FBI used.

The first statement is correct. Everything beyond the second statement, however, is untrue. Not only is Broadwell a lieutenant colonel (!) in the reserves, she was also, as per Wikipedia:

"... Deputy Director of the Jebsen Center for Counter-Terrorism Studies at The Fletcher School of Law and Diplomacy at Tufts University.[4] She also worked with the FBI Joint Terrorism Task Force.[4]"

If that does not qualify as part of the "intelligence community", I'm not sure what does.

Obviously she has served in the military in the past. But I'm pretty sure that right now she's a student, not in a military or intelligence job. Also, why would the FBI be conducting a military/intelligence investigation? The FBI's job is domestic, civilian law enforcement.

Using the "draft" technique is clear evidence of "tradecraft." Off to GITMO with the both of them! ;-)

Note is federal spy trials, use of tradecraft is considered evidence.

Right. These guys drew even more attention to themselves, and eroded some of the protections afforded by the law by using tactics commonly used by military personnel.

I wish Ars would stop portraying this as an erosion of civilian rights. By all respects, this is not a civilian case. Miltary folk are subject to military law, not civil law. Make a big deal out of it when it happens to civilians, but not until then.

For example, I'm sure the esteemed Nate Anderson and a few others here know about Article 99? Cowardice in the face of the enemy is punishable by death. No trial, no court order, the commanding officer can summarily execute you for running away from, say, the front lines. Usually a bullet to the head. No complaints about "Right to life" or "right to a fair trial".

The FBI was begun at the request of a civilian and initially they had no idea who was sending the emails. Even after they figured out Broadwell was sending them, she wasn't a member of the intelligence community. The Petraeus connection was discovered only near the end of the investigation, after they'd gained access to Broadwell's email account. So I don't see how Petraeus's CIA connection is relevant to the investigation techniques the FBI used.

The first statement is correct. Everything beyond the second statement, however, is untrue. Not only is Broadwell a lieutenant colonel (!) in the reserves, she was also, as per Wikipedia:

"... Deputy Director of the Jebsen Center for Counter-Terrorism Studies at The Fletcher School of Law and Diplomacy at Tufts University.[4] She also worked with the FBI Joint Terrorism Task Force.[4]"

If that does not qualify as part of the "intelligence community", I'm not sure what does.

Obviously she has served in the military in the past. But I'm pretty sure that right now she's a student, not in a military or intelligence job. Also, why would the FBI be conducting a military/intelligence investigation? The FBI's job is domestic, civilian law enforcement.

You said that they used techniques used by terrorists. FBI is responsible for counterterrorism and counterintelligence.

Everything is classified as something in the military. It could be something as trivial as the lunch menu at the office cafe. Of course, the public will never know since it's all classified. Classified does not necessarily mean nuclear launch codes.

You'd think he'd know that security through obscurity never works, and to properly protect data transferred through a non-secure medium.

Guess he thought no one would care that much since it isn't that huge of a deal.

Petraeus had to resign once this was discovered. It was probably buried until his resignation was forced by this.

Of course screwing around on his wife with another married woman and starting a new flirtation with a third woman MIGHT have contravened some morality clause or code of conduct attached to his job and embarrassed the administration that appointed him, I guess...

Obviously she has served in the military in the past. But I'm pretty sure that right now she's a student, not in a military or intelligence job. Also, why would the FBI be conducting a military/intelligence investigation? The FBI's job is domestic, civilian law enforcement.

You said that they used techniques used by terrorists. FBI is responsible for counterterrorism and counterintelligence.

Are you telling me the FBI thought Broadwell's emails were an act of terrorism or are you just trolling now?

I've kinda been ignoring the whole "Petreaus had a mistress!!11!!!" sillyness figuring it was all just gossip. Short of the fact that someone could have stumbled on the general having an odd pattern of making drafts in a gmail account someone else was doing the same for communication between the two & kicking off a standard investigation, is anyone actually suspected/accused of any wrong doing?

There is some talk that he shared classified information with her, but I don't know how substantial that is.

Jill Kelley is the only non-military person (currently) publicly caught in this affair, and she is being investigated because she filed the complaint. That's standard FBI operating procedure. If you complain to the FBI that your kid was kidnapped, their first suspect is you.

But the FBI did not know it involved military personnel until late in the investigation, and their investigation included snooping on a whole bunch of people who would have been quickly cleared and disregarded.

The privacy breeches all happened before they knew it had anything to do with the military.

Similarly, the New York Times says that agents "had to use forensic techniques—including a check of what other e-mail accounts had been accessed from the same computer address—to identify who was writing the e-mails.

So they did a complete search of all Gmail accounts to see what IP addresses had accessed them? Really?